Support User Manuals

Cisco Systems IPS4510K9 Home Security System User Manual

Open as PDF

of 854

4-28

Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 7.2

OL-29168-01

Chapter 4 Configuring Interfaces

Configuring VLAN Group Mode

In the second variation, the two ports are configured as trunk ports, so they can carry multiple VLANs.

In this configuration, the sensor bridges multiple VLANs between the two switches. Because multiple

VLANs are carried over the inline interface pair, the VLANs can be divided into groups and each group

can be assigned to a virtual sensor.

Configuring VLAN Groups

Use the physical-interfaces interface_name command in the service interface submode to configure

inline VLAN groups. The interface name is FastEthernet or GigabitEthernet.

The following options apply:

•

admin-state {enabled | disabled}—Specifies the administrative link state of the interface, whether

the interface is enabled or disabled.

Note

On all backplane sensing interfaces on all modules, admin-state is set to enabled and is

protected (you cannot change the setting). The admin-state has no effect (and is protected)

on the command and control interface. It only affects sensing interfaces. The command and

control interface does not need to be enabled because it cannot be monitored.

•

default—Sets the value back to the system default setting.

•

description—Specifies the description of the interface.

•

duplex—Specifies the duplex setting of the interface:

–

auto—Sets the interface to auto negotiate duplex.

–

full—Sets the interface to full duplex.

–

half—Sets the interface to half duplex.

Note

The duplex option is protected on all modules.

•

no—Removes an entry or selection setting.

•

speed—Specifies the speed setting of the interface:

–

auto—Sets the interface to auto negotiate speed.

–

10—Sets the interface to 10 MB (for TX interfaces only).

–

100—Sets the interface to 100 MB (for TX interfaces only).

–

1000—Sets the interface to 1 GB (for Gigabit interfaces only).

Note

The speed option is protected on all modules.

•

subinterface-type—Specifies that the interface is a subinterface and what type of subinterface is

defined.

–

vlan-group—Lets you define the subinterface as a VLAN group.

–

none—Speechifies that no subinterfaces are defined.

previous next